Wednesday, 21 December 2011

Ransomware, the practice of providing fake notifications that “you’re infected” and then selling a fake solution that removes the fake malware they just installed, has been a boon for scammers. Now, they’re taking it a step farther, and throwing in a law enforcement scare.

This time, an official-looking banner pops up, purporting to be from various law enforcement agencies, localized by region, and locks down a user’s data unless they act. The malware seems to be highly localized, targeting specific language groups and matching that against localized law enforcement body names. So if you’re in Germany, you get a pop-up purporting to come from the “German Federal Police”, but in the UK you’d get a notice from the “Metropolitan Police.”

This is the sort of localized threat Sebastian wrote about recently as a prediction for 2012. By localizing attacks, they can seem more real and have a higher “success” rate, because they seem more relevant to users in a given region.